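#!/bin/sh
# Provision a Docker host whose containers reach the internet over IPv6 with
# their source address spread across the host's public /64:
#   1. install Docker with the get.docker.com convenience script,
#   2. create the dual-stack bridge network "ip6net" with masquerading off,
#   3. add one ip6tables SNAT rule per local source port (UDP and TCP), each
#      mapping the private range to its own slice of the public /64,
#   4. persist the rules, optionally answer neighbour solicitations for the
#      whole block with ndppd, and start the worker containers.
#
# Must run as root. Optional environment:
#   GET_DOCKER_SHA256  expected SHA-256 of get-docker.sh; when set, the
#                      download is verified before it is executed.
set -eu

die() {
  printf 'error: %s\n' "$*" >&2
  exit 1
}

[ "$(id -u)" -eq 0 ] || die "must be run as root"

# Private scratch directory: the downloaded installer and the generated Python
# helper are executed as root, so they must not sit under a predictable name
# in a directory other users may be able to write to.
workdir=$(mktemp -d) || die "mktemp failed"
trap 'rm -rf -- "$workdir"' EXIT

# --- Docker installation -----------------------------------------------------
# NOTE(review): this runs a script fetched over HTTPS as root; TLS is the only
# integrity control unless GET_DOCKER_SHA256 is supplied. Prefer a reviewed,
# pinned copy or the distribution's packages where that is an option.
curl -fsSL https://get.docker.com -o "$workdir/get-docker.sh"
if [ -n "${GET_DOCKER_SHA256:-}" ]; then
  printf '%s  %s\n' "$GET_DOCKER_SHA256" "$workdir/get-docker.sh" \
    | sha256sum -c - >/dev/null \
    || die "get-docker.sh does not match GET_DOCKER_SHA256"
fi
sh "$workdir/get-docker.sh"

# --- Configuration -----------------------------------------------------------
# First four hextets of the first non-ULA /64 that was assigned dynamically.
IP6BLOCK=$(ip addr show | grep inet6 | grep -vE ' f[de][0-9a-f]{2}:' | grep /64 | head -n1 \
  | sed -E 's/\s*inet6\s*(([0-9a-f]{1,4}:){3}[0-9a-f]{1,4}):.*\/64 scope global dynamic mngtmpaddr noprefixroute\s*/\1/')
# When the sed pattern does not match, the whole `ip addr` line passes through
# unchanged; reject it here, before it is written into firewall rules and
# /etc/ndppd.conf.
printf '%s\n' "$IP6BLOCK" | grep -Eq '^([0-9a-f]{1,4}:){3}[0-9a-f]{1,4}$' \
  || die "could not determine the public IPv6 /64 (got: '$IP6BLOCK')"

# Not referenced anywhere in this script; kept from the original listing.
IP6SNAT_START="::2"
IP6SNAT_END=":ffff:ffff:ffff:ffff"

PRIVATE_V6="fd61:a12b:f6ed:f920::/64"
PRIVATE_V4="172.19.0.0/16"
SWITCHED_NETWORK=1
IP6BLOCK_SIZE="64"

# Interface of the default route; head -n1 keeps the value single-line when
# more than one default route exists.
INTERFACE=$(ip route | grep default | head -n1 | sed -E 's/.*dev ([^ ]+).*/\1/')
[ -n "$INTERFACE" ] || die "could not determine the default-route interface"
case $INTERFACE in
  *[!A-Za-z0-9_.@:-]*) die "unexpected characters in interface name '$INTERFACE'" ;;
esac

# --- Docker daemon and network -----------------------------------------------
# NOTE: this replaces any existing /etc/docker/daemon.json.
cat > /etc/docker/daemon.json <<'JSON'
{
  "experimental": true,
  "ip6tables": true,
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "10m",
    "max-file": "10"
  }
}
JSON
systemctl restart docker

# Masquerading is disabled so that the per-port SNAT rules below decide the
# source address. Skip creation on a re-run, when the network already exists.
if ! docker network inspect ip6net >/dev/null 2>&1; then
  docker network create --ipv6 \
    -o "com.docker.network.bridge.enable_ip_masquerade=false" \
    --subnet "$PRIVATE_V6" --subnet "$PRIVATE_V4" ip6net
fi

# --- Per-port SNAT rules -----------------------------------------------------
# The helper takes both ranges as arguments (quoted here-document, nothing is
# interpolated into the Python source). The original listing hard-coded a
# different ULA prefix in the helper than the one given to
# `docker network create`, so the `-s` match could not apply to traffic from
# ip6net; both now come from PRIVATE_V6.
cat > "$workdir/thing.py" <<'PYEOF'
import ipaddress
import subprocess
import sys

# CONFIG (supplied by the calling shell script)
# public range
subnet = sys.argv[1]
# private range to be snat'ted from
privateV6 = sys.argv[2]
# END CONFIG

# Fail early on a malformed private range instead of after thousands of rules.
ipaddress.ip_network(privateV6, strict=False)


def split_ipv6_subnet(subnet, chunks):
    """Split `subnet` into at most `chunks` contiguous "first-last" ranges.

    The chunk size is rounded up so the ranges cover the whole subnet; the
    final range ends on the subnet's last address.
    """
    network = ipaddress.ip_network(subnet, strict=False)

    addresses_per_chunk = network.num_addresses // chunks
    # Ensure that we aren't left with an incomplete final chunk
    if network.num_addresses % chunks:
        addresses_per_chunk += 1

    results = []
    current_address = int(network.network_address)
    end_address = int(network.network_address) + network.num_addresses

    for i in range(chunks):
        start = current_address
        # The last chunk absorbs whatever remains of the subnet.
        if i == chunks - 1:
            end = end_address
        else:
            end = start + addresses_per_chunk

        start_ip = ipaddress.IPv6Address(start)
        end_ip = ipaddress.IPv6Address(end - 1)  # `end` is exclusive
        results.append(f"{start_ip}-{end_ip}")

        current_address = end
        if current_address >= end_address:
            break

    return results


with open("/proc/sys/net/ipv4/ip_local_port_range", "r") as f:
    content = f.readline()

PORT_RANGE_START, PORT_RANGE_END = map(int, content.split())
print(PORT_RANGE_START, PORT_RANGE_END)
PORT_RANGE_COUNT = PORT_RANGE_END - PORT_RANGE_START + 1

# One UDP and one TCP rule per local source port. Rules are appended (-A), so
# running this twice without flushing the nat table duplicates them.
for i, netRange in enumerate(split_ipv6_subnet(subnet, PORT_RANGE_COUNT)):
    sport = str(PORT_RANGE_START + i)
    print(sport, "->", netRange)
    for proto in ("udp", "tcp"):
        # check=True: stop on the first rejected rule rather than persisting
        # a partial rule set.
        subprocess.run(
            ["ip6tables", "-t", "nat", "-A", "POSTROUTING", "-p", proto,
             "--sport", sport, "-s", privateV6,
             "-j", "SNAT", "--to-source", netRange],
            check=True)
PYEOF
python3 "$workdir/thing.py" "${IP6BLOCK}::/${IP6BLOCK_SIZE}" "$PRIVATE_V6"

# --- Persist firewall rules --------------------------------------------------
DEBIAN_FRONTEND=noninteractive apt-get install -y iptables-persistent
iptables-save > /etc/iptables/rules.v4
ip6tables-save > /etc/iptables/rules.v6

# --- Neighbour discovery proxy -----------------------------------------------
if [ "$SWITCHED_NETWORK" -eq 1 ]; then
  echo Setting up ndppd to respond to ipv6 neighbour solicitations for the whole network
  cat > /etc/ndppd.conf <<EOF
proxy ${INTERFACE} {
  router no
  rule ${IP6BLOCK}::/${IP6BLOCK_SIZE} {
    static
  }
}
EOF
  # -y and a non-interactive frontend: an unattended run must not stop at a
  # confirmation prompt.
  DEBIAN_FRONTEND=noninteractive apt-get install -y ndppd
fi

# --- Worker containers -------------------------------------------------------
# NOTE(review): `--pull always` on an untagged image runs whatever the registry
# serves at start time; pin the image by digest if the deployed code needs to
# be reviewable and reproducible.
n=0
while [ "$n" -lt 4 ]; do
  docker run --pull always --detach --network ip6net -e PREFER_IPV6=1 \
    --log-driver json-file --log-opt max-size=25m \
    atdr.meo.ws/archiveteam/telegram-grab --concurrent 1 kiska1
  n=$((n + 1))
done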